IE bug lets hackers read your mail

By
Matthew Broersma
| Jun 29, 2006

Share

TwitterFacebookLinkedInGoogle Plus

Security researchers on Thursday warned of fresh security problems in Microsoft Internet Explorer that could allow attackers to take over a system or read private information from other Web sites. One of the bugs also affects Firefox, according to researchers. Proof-of-concept code was released demonstrating one of the bugs.

Also this week, Microsoft re-released a patch from two weeks ago that had interfered with users' dial-up connections.

A researcher on the Full Disclosure mailing list warned of the two IE problems, the more serious of which could be used to trick users into executing code on their systems. The bug is in IE's handling of file shares, and could allow attackers to execute malicious HTA applications via a a directory traversal attack, according to researchers.

Because exploitation requires users to double-click somewhere on a Web page, some researchers, such as Secunia, gave this bug a moderately critical rating, while others, such as the SANS Institute, said it was more severe.

The second flaw involves the way IE handles redirections, and could allow an attacker to access information from other Web sites in the context of the user, via the object.documentElement.outerHTML property.

"This vulnerability can be potentially nasty as attackers can use it to retrieve data from other Web sites the user is logged into (for example, webmail) and harvest user credentials," said SANS Internet Storm Center handlers in an advisory. "Several handlers have spent a little more time validating this particular issue and while it is a subtle exploit and rated a lower level risk, this issue has raised some of our neck hairs."

Secunia confirmed the bug on a fully patched system running Internet Explorer 6.0 and Windows XP SP2, and published a vulnerability test (click here) based on proof of concept code published by researcher Plebo Aesdi Nael on the Full Disclosure list.

SANS ISC said it had also confirmed the bug in Mozilla Firefox. While Secunia's demonstration doesn't expose the Firefox version of the bug, Nael's original proof of concept code can be exploited on the Mozilla browser, according to SANS ISC handlers.

Earlier this month, Microsoft released a patch fixing problems with routing and remote access, as detailed in Microsoft Security Bulletin MS06-025. On Tuesday, the company updated the patch to address problems with dial-up connections and dial-up scripting created by the original patch.

Researchers with the Metasploit Project released exploit code for bug MS06-025 a few days after the patch, causing Microsoft to warn users that attacks exploiting the vulnerability could be imminent.